Whether your business is new, established, confronting a scandal, or establishing or amending its by-laws, as a director or an officer you can help to manage organizational risks.
Your organization should:
1. Provide awareness training in negligence and liability to all directors and officers.
2. Ensure directors are aware of:
- Risks associated with being a director for the organization.
- Statutory and civil liabilities.
- Specific directors' obligations.
- Other rules associated with the organization's business for which directors may be liable due to acts or omissions of the organization.
- Other responsibilities (including understanding finances and knowing the organization and its by-laws).
3. Ensure there is no conflict between the duty owed to the organization and a director's self-interest.
Conflicts of interest
- Avoid outside employment or business that may compromise the organization’s best interests.
- Handle confidential and sensitive information carefully (prevent leaks of information).
- Follow guidelines on the appropriateness of public statements (i.e., what and when information can be released).
- Do not accept gifts, favours or services relating to company duties.
4. Ensure directors are aware of the organization's operations and affairs. Maintain formalized operating policies and procedures for all activities within the organization's control.
About policies and procedures
- The organization should:
  - Implement a financial management policy. Establish clear financial reporting guidelines.
  - Create a human resources policy. Prepare formal job descriptions for all employees and document required experience and training as well as specific aspects of unacceptable employee performance.
  - Store confidential materials and sensitive information in a proper place, and:
    - Determine who has access.
    - Encrypt all confidential electronic materials.
    - Ensure only those with passwords have access. Passwords should be frequently changed according to best practices and IT security policies.
    - Implement firewalls to prevent hackers from accessing information.
5. Ensure all employees, visitors, customers, clients and other stakeholders are protected from reasonably anticipated harm.
6. Establish a formal information reporting system.
Generally, a director is entitled to rely on information provided by officers or employees/volunteers of the organization, unless the director knows that relying on the officer or employee/volunteer is unreasonable.
7. Encourage directors to speak up.
Directors should have a clear understanding of all the activities in the organization and should question anything that is unclear. Directors should also clearly communicate their decisions.
8. Document decisions and how they were made.
9. Ensure directors work closely with legal representatives in making decisions.
If a director provides full disclosure to counsel, requests counsel's advice as to the legality of the proposed action, receives advice that the action would be lawful and proceeds in reliance on the advice, this may demonstrate that the director acted with due care.
10. Implement a whistle-blower policy that is communicated to staff and volunteers.
Let people know which board member or representative they should advise of any situation of which they feel the board should be aware.
11. Implement a director's indemnification policy that clearly states the rights and obligations of directors and what protection is provided to them by the organization.